CVE-2016-4811: Japan Connected-free Wi-Fi Arbitrary API Execution Vulnerability

Vulnerability Key Information Vulnerability Identifier CVE: CVE-2016-4811 Vulnerability Overview Title: Japan Connected-free Wi-Fi vulnerable to API execution Description: A vulnerability exists in the Japan Connected-free Wi-Fi service that allows a man-in-the-middle attacker to execute arbitrary APIs. Reporter: Kenta Suefusa and Tomonori Shiomi of Sprout Inc. Report Date: June 23, 2016 CVSS Score CVSS V3 Severity: 5.6 (Medium) CVSS V2 Severity: 5.1 (Medium) Attack Vector: Network Complexity: High (V3), High (V2) Required Privileges: None User Interaction: None Scope: Unchanged (V3) Confidentiality Impact: Low (V3), Partial (V2) Integrity Impact: Low (V3), Partial (V2) Availability Impact: Low (V3), Partial (V2) Affected Products Affected Scope: NTT Broadband Platform, Inc. - Japan Connected-free Wi-Fi for Android 1.15.1 and earlier versions - Japan Connected-free Wi-Fi for iOS 1.13.0 and earlier versions that did not apply the content update released on April 26, 2016 Impact Android Version: May allow execution of arbitrary APIs if execution permissions are granted in the Android manifest. iOS Version: May allow execution of arbitrary APIs. Solution Recommendation: Update the software to the latest version, following the guidance provided by the developers. CWE and CVE CWE: No Mapping (CWE-Other) CVE: CVE-2016-4811 References JVN: JVN#46888319 National Vulnerability Database (NVD): CVE-2016-4811 Revision History 2016/05/27: Webpage published 2016/06/23: Content references added Public Disclosure Date First Publicized: May 27, 2016 Last Updated: June 23, 2016

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2016-4811: Japan Connected-free Wi-Fi Arbitrary API Execution Vulnerability